Monday, August 17, 2020

Silver Peak Features by software release

This is a summary of VXOA/ECOS and GMS/Orchestrator software features and the version in which each was added.

  • Remote IP Logged for TACACS+ and RADIUS
  • (8.3.0.4) - The spsadmin account has been removed.
  • (8.3.0.4) - Appliances can now be configured to reject self-signed certificates. This feature addresses CVE-2020-12143 and CVE-2020-12144.
  • (8.3.0.4) - A new IKE-less seed distribution mechanism is now supported in ECOS. This feature addresses CVE-2020-12142.
  • (8.3.0.4) - API changes have been made to restrict traversal of other directories, limiting access to sensitive data.
  • (8.3.1.0) - Changes have been made that greatly reduce or eliminate the possibility of cross-site request forgery (CSRF) on the appliance.
  • (8.3.1.0) - Support for 25 Gbps fiber interface cards in the EC-XL appliance.
  • (8.3.1.0) - Added a new custom bonding option that performs load-balancing based on tunnel capacity.
  • (8.3.1.0) - Added a new link bonding option that supports user-configurable link prioritization and traffic steering/load balancing policies.
  • (8.3.1.0) - IPSec anti-replay window protection has been enhanced to support a window size of up to 64K.
  • (8.3.1.0) - Traceroute is now supported across stateful-SNAT firewall type, across allow-all type with NAT configured, as well as across EdgeHA links.
  • (8.3.1.0) - The Top Applications report now excludes Silver Peak control (non-user) traffic.
  • (8.3.1.0) - Ping IPSLA monitor has been enhanced to include loss/latency measurements and thresholds.
  • (8.3.1.0) - Ping IPSLA can now be directed into a 3rd party IPSec or GRE tunnel.
  • (8.3.1.0) - EC-V now supports up to 32 interfaces along with auto-mac configuration.
  • (8.3.1.0) - IPv6 DHCP is now supported on WAN interfaces.
  • (8.3.1.0) - The internet breakout feature has been enhanced, enabling selection of the best quality internet link for local break-out based on user-defined criteria.

VXOA 8.2
  • Branch NAT
  • Multi-Region Subnet Sharing
  • IPSec Service Chaining IKEv2
  • BGP over IPSec
  • Multicast GUI Support
  • BGP Configuration of Source Address
  • (8.2.1) - Route Filtering
  • (8.2.1) - IPFIX Enhancements
  • (8.2.1) - LAN-side VTI
  • (8.2.1) - Dead Peer Detection (DPD) for IPSec Service Chaining
  • (8.2.1) - Application Inference Engine

VXOA 8.1 
  • Enhanced Application Visibility
  • BGP Routing
  • Interface bonding on 10Gbps ports
  • IPv6 UDP, GRE and IPSec tunnels
  • SHA-2 Hash for IPSec
  • Extended DHCP Server Options
  • SNMPv3 Enhancements
  • Custom HTTPS certificate support for appliance management
  • Flow redirection on any configured physical interface
  • Return passthrough traffic to L2 sender
  • (8.1.3) Fine grained control of management traffic
  • (8.1.4) DNS Application Classification Enhancement
  • (8.1.4) Internet Breakout with Stateful Firewall and NAT
  • (8.1.5) IP SLA tracking
  • (8.1.5) PPPoE Interfaces
  • (8.1.5) Redesigned Configuration > Interfaces page
  • (8.1.5) Improved Application Classification by Port
  • (8.1.5) Per-Flow Maximum Rate Control
  • (8.1.5.3) EC-US Appliance Support
  • (8.1.5.3) Modified High Efficiency Bonding
  • (8.1.6) Edge High Availability
  • (8.1.6) IPSec UDP Overlays (IKEless tunnels)
  • (8.1.6) Mini License (supports up to 50 Mbps)
  • (8.1.6) Configurable BGP Parameters (Local Preference, MED (Multi-Exit Discriminator), AS Prepend Count, Keep Alive Timer, Hold Timer)
  • (8.1.6) Configurable Interface for SaaS Probes
  • (8.1.7) IPv6 Support for Inline Router Mode
  • (8.1.7) BGP Enhancements (Soft reset, Input Metric, Communities)
  • (8.1.7) Inbound Port Forwarding
  • (8.1.7) Shaper Enhancements (Rebalance)
  • (8.1.7) TCP MSS Clamping for Internet Breakout
  • (8.1.7) Flow Redirection on WAN Interfaces
  • (8.1.7) TCP Acceleration for IPv6
  • (8.1.7) Cloud-Init Support
  • (8.1.7) OSPF (Beta)
  • (8.1.8) Zone Based Firewall
  • (8.1.8) 3rd party IPSec Tunnels
  • (8.1.8) IPFIX
  • (8.1.8) IP SLA Enhancements


VXOA 8.0 
  • Business Intent Overlays
  • Deployment Profiles
  • Packet-Based Dynamic Path Control (DPC) or Bonded Tunnels
  • Built-in DHCP server and relay
  • Inbound QoS
  • Support for IPv6 PBR deployments
  • (8.0.3) - Support for additional hardware appliance part numbers

VXOA 7.3 
  • Support for the Unity EdgeConnect XS and V.
  • Current Flows tab can report on flows that are experiencing slow LAN-side performance.
  • Reset non-accelerated TCP connections.
  • DRC configuration now available on web interface: Configuration > Shaper
  • (7.3.1) - Support for the Unity EdgeConnect L, XL
  • (7.3.2) - Support for the Unity EdgeConnect S
  • (7.3.3) - Fast fail (sub-second failover) for Dynamic Path Control (DPC)
  • (7.3.3) - Support for the Unity EdgeConnect M



Orchestrator 8.10
  • Intelligent Upgrades

Orchestrator 8.9
  • IKE-less Seed Distribution (to address CVE-2020-12142)
  • Portal Migration Wizard The Orchestrator
  • Auto-prune Tunnels from Removed Appliances
  • Improved Response Times for Top ‘X’ Charts
  • Support for New Alarm: Insufficient Bandwidth for Tunnels
  • OAuth 2.0 Support for Identity Access Management (IAM)
  • (8.9.2) - Disable Self-signed Certificates (to address CVE-2020-12143 and CVE-2020-12144)
  • (8.9.2) - Loopback Orchestration

Orchestrator 8.8
  • PPPoE in preconfiguration
  • Loopback & VTI in preconfig
  • IKEv2 enhancements
  • Reset flows confirmation
  • BGP ASN and Local communities
  • Maintenance Mode
  • Notification Banner
  • Tunnels to Hubs in other region
  • DHCP Failover
  • Bandwidth tier licensing
  • (8.8.3) IPFIX UI Enhancements
  • (8.8.3) Increased Capacity for Inbound Port Forwarding Rules, up to 100
  • (8.8.3) Route Map Enhancements
  • (8.8.3) Microsoft Virtual WAN Orchestration (beta)
  • (8.8.3) Zscaler Orchestration to support load balancing of IPSec tunnels and support for new geo-location APIs
  • (8.8.3) Check Point Integration


Orchestrator 8.7
  • Branch NAT
  • DHCP relay per VLAN
  • Source address for BGP
  • ACL Policy enhancement
  • Display peer role (hub/spoke) in routes
  • Added capability to configure the logging level for implicit firewall drop between zones.
  • Loopback interfaces in Appliance Wizard
  • VTI and Loopback Interfaces
  • Redesigned BIO and regional overlays
  • Realtime updates from Microsoft Office 365
  • Role based access
  • Alarm Suppression
  • TACACS and RADIUS enhancements. Support “Remote only” and “Local if Remote Unavailable”

Orchestrator 8.6
  • Multicast routing
  • Firewall rule logging
  • Tech Support - Orchestrator tab improvement. Files can now be downloaded to the Orchestrator first
  • Routes Tab Filter
  • Flows tab improvements - new filters: Overlay and Transport filters, Flow characteristics, Duration filters, Include built-in and HA, and various other checkboxes
  • Zscaler Orchestration
  • Support Any Protocol in Inbound Port Forwarding
  • Verify Email Address optional if Orchestrator is configured with a custom SMTP server
  • Regions Tab
  • License revocation and grant support for metered license model
  • Firewall logging for Security Policies

Orchestrator 8.5
  • Orchestrator has been redesigned to handle large networks.
  • MOS Statistics
  • Define Custom severity for Alarms
  • Delay Alarm Emails
  • Backup Orchestrator to HTTPS or SFTP servers as well as FTP, HTTP and SCP
  • Pre-Configuration using YAML files in Orchestrator before Zero Touch Provisioning occurs.
  • HTTP/HTTPS IPSLA ping monitors
  • IPFIX support
  • Wild Card Based prefix Matching in Policies
  • Block Network Orchestration via Cloud Portal
  • Preconfiguration
  • Allow ECDSA certificates for SaaS
  • Health map sorting
  • 'Find Preferred Route' dialog available when editing Configuration > Routes
  • Configurable Statistics Retention
  • Overlapping LAN side subnets
  • Support IPv6 internal subnets on the Business Intent Overlay page
  • Configurable tunnel alarm aggregation
  • Notes for interfaces on Deployment page
  • Boost Trends report
  • Software Versions tab redesigned
  • Preconfiguration Passthrough Tunnels and Flow Redirection
  • IP Directed Broadcast available in templates
  • Nonaccelerated TCP Inactivity Timeout available in System template
  • New route states that indicate peer’s role as Hub or Spoke
  • BGP Graceful restart
  • Zone based Firewall Statistics
  • Suppress Tunnel creation using Tunnel Exceptions tab
  • (8.5.2) Orchestration ETA progress and prioritization

Orchestrator 8.4
  • Overlay ACL
  • Maximum Orchestrator backups to retain now configurable
  • RMA Wizard
  • Upgrade appliances via Configuration Wizard
  • Tree filters
  • Transceiver information for EC-M-B and EC-M-P models SFP interfaces
  • Admin up/down datapath interfaces
  • Account key protection
  • IP/Port wildcard pattern match
  • IPFIX Flow Export
  • IPSLA HTTP Ping
  • Enable / Disable Default DNS Lookup
  • Auto-MTU Discovery Scheduler
  • Interface Dynamic Rate Control
  • Compound Applications
  • IPSec Pass-Through Tunnels

Orchestrator 8.3
  • Overlay Region Support
  • Orchestration of Templates (Groups)
  • Inbound Port Forwarding Orchestration
  • Cross Connect Grouping
  • (8.3.3) OSPF support
  • (8.3.3) Interface Bandwidth Summary report
  • (8.3.3) Orchestrator in-place upgrade (no revert to previous Orch version from this point on)
  • (8.3.3) Appliance Flow Trends tab enhancements
  • (8.3.3) Authentication protocols for TACACS and RADIUS
  • (8.3.3) Alarms in CSV format 
  • (8.3.3) CLI shell from UI 
  • (8.3.3) Remote assistance
  • (8.3.3) TCP MSS clamping
  • (8.3.6) Unreachable appliances are now shown grey in the tree
  • (8.3.6) Network Manager role deprecated
  • (8.3.6) SaaS ping interface configurable
  • (8.3.6) Configurable VLAN for Edge HA
  • (8.3.6) Pause Orchestration


Orchestrator 8.2
  • IPSec UDP overlays
  • Packets per second trends tab
  • Tech Support improvements (appliance and Orchestrator tabs)
  • Orchestrator system dump
  • Application Visibility and Classification (AVC)
  • Edge Connect High Availability HA Support
  • Controlling statistics collection
  • IP Whitelist


Orchestrator 8.1
  • Improved Health Dashboard
  • Dynamic Topology Geomap
  • Live View
  • Traceroute support in the GUI
  • Policy maps enhancements
  • BGP support
  • Flow tab enhancement
  • Top Talkers, domains, countries and ports
  • Tunnel Bandwidth, DSCP, Jitter and Traffic Class Pie Charts
  • Appliance Flow, DSCP, QoS and Jitter Trends
  • Scheduled reports improvements
  • HTTPS Certificates Upload template
  • Custom SSL certificate for Orchestrator UI
  • Geo location support for Discovered Appliances tab
  • Deployment configuration tab improvements
  • DHCP leases by appliance
  • Built-in applications
  • Overlay Manager controls
  • Overlay boost button improvement

Orchestrator 8.0
  • Health Dashboard
  • Deployment Profiles
  • Overlay Topology
  • Tunnel charts per overlay
  • Labels (VXOA 8.0)
  • Tunnel Groups replace Tunnel Builder (VXOA 6.2.11)
  • Shaper, policy and ACL template support (VXOA 8.0)
  • Registration removed from Cloud Portal template (VXOA 7.0)
  • VRRP Template (VXOA 6.2.11)
  • Tunnel templates now support fast fail threshold (VXOA 7.3.3)
  • New Shaper report (VXOA 8.0)
  • Consolidated Audit Log tab
  • Appliance Configuration backup (VXOA 6.2.11)
  • New Deployment report
  • Bulk import subnets from .csv now supported

Orchestrator 7.3 (EoL)
  • Appliance discovery (VXOA 6.2.11)
  • Tunnel summary report
  • Scheduled group reboot/shutdown
  • Scheduled group QoS map activation
  • SMTP settings dialog
  • Scheduled timezone dialog
  • Third party licenses page
  • Silver Peak appliances licenses page
  • Cloud Portal registration template (VXOA 7.2)
  • SaaS Optimization template (VXOA 7.2)
  • CLI template (VXOA 6.2.11)

GMS 7.2 (EoL)
  • HTML email reports (VXOA 6.2)
  • Appliance discovery (VXOA 6.2.10)
  • Alarms via email
  • Time based QoS (VXOA 6.2)
  • GMS Backup
  • Historical Jobs
  • VMware vROps Integration (VXOA 6.2.10)
  • New charts added
  • New templates added
  • New configuration reports added
  • REST API


